If PHP bails out in the startup stage before setting PG(modules_activated) to 1, the filter_globals struct is not cleaned up in the shutdown stage. The subsequent request will use the uncleaned values in the filter_globals struct. With a specially crafted request, this problem can lead to information disclosure and remote code execution.

Only the Apache module SAPIs are found to be vulnerable to this problem. Other SAPIs are safe because the PHP process exits when PHP bails out before setting PG(modules_activated) to 1.

I have exploited the website using that 0day and executed a PHP buffer overflow code
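The cleanup gap described above, as an added C model that is not PHP source and not code from the original page: shutdown cleanup gated on an "activated" flag leaves per-request state behind in a long-lived worker when startup bails out early. All names (`filter_state`, `request_startup`, `shutdown_gated`, `shutdown_unconditional`) are hypothetical, and the request data is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for per-request filter state kept in process globals. */
struct filter_state { char post_data[32]; int in_use; };

static struct filter_state globals;  /* lives as long as the worker process */
static int modules_activated;        /* models PG(modules_activated) */

/* Startup fills request state, then may bail out before setting the flag. */
static void request_startup(const char *input, int bail_early) {
    modules_activated = 0;
    strncpy(globals.post_data, input, sizeof globals.post_data - 1);
    globals.post_data[sizeof globals.post_data - 1] = '\0';
    globals.in_use = 1;
    if (bail_early)
        return;                      /* bailout: flag never reaches 1 */
    modules_activated = 1;
}

/* Flawed pattern: cleanup is skipped when startup did not complete. */
static void shutdown_gated(void) {
    if (modules_activated)
        memset(&globals, 0, sizeof globals);
    modules_activated = 0;
}

/* Hardened pattern: per-request state is always reset on shutdown. */
static void shutdown_unconditional(void) {
    memset(&globals, 0, sizeof globals);
    modules_activated = 0;
}

/* Returns 1 if state from a bailed-out request is still present when the
 * next request would start in the same process, 0 if it was cleaned. */
int stale_state_after_bailout(void (*shutdown_fn)(void)) {
    memset(&globals, 0, sizeof globals);         /* fresh worker */
    request_startup("request-A-data", 1);        /* constructed input */
    shutdown_fn();
    return globals.in_use;
}

int main(void) {
    printf("gated cleanup leaves stale state: %d\n",
           stale_state_after_bailout(shutdown_gated));
    printf("unconditional cleanup leaves stale state: %d\n",
           stale_state_after_bailout(shutdown_unconditional));
    return 0;
}
```

A SAPI whose process exits on the bailout never reaches the next request with this state, which matches the page's statement that only the Apache module SAPIs are affected.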